users@glassfish.java.net

Re: Invalidating user sessions

From: Jose Noheda <jose.noheda_at_gmail.com>
Date: Mon, 24 Dec 2007 12:53:12 +0100

Thank you! I haven't ever read about Session Listeners :-)

Digging a little, a Spring bean would do the job with a little help of
WebApplicationContextSessionListener<http://google.com/codesearch?hl=es&q=+WebApplicationContextSessionListener+show:VXUqxN5tSVo:gSBuQhvGq6A:rs3MoVMjkek&sa=N&cd=1&ct=rc&cs_p=cvs+:pserver:anonymous%40springframework.cvs.sourceforge.net:/cvsroot/springframework+spring&cs_f=sandbox/src/org/springframework/web/servlet/support/WebApplicationContextSessionListener.java#first>.
I'd rather skip a servlet if it is not going to handle requests.

Regards,

On Dec 24, 2007 2:52 AM, Larry White <Larry.White_at_sun.com> wrote:

> Hi Jose:
>
> Here is a suggested solution. There are security issues involved in
> having
> a servlet with this kind of capability but I'm assuming you already
> understand
> that risk. I'm assuming that this application is running on a single
> instance
> of GlassFish.
>
> Part 1: "Data Gathering"
> You want your servlet to be able to keep track of all sessions created.
> If you make your servlet implement this interface
> (javax.servlet.http.HttpSessionListener)
> you will get a sessionCreated event firing for every session for your app
> created or activated on your instance.
> This includes (for example) if session "a" got created first on
> instance1 then your listener
> on instance1 gets fired.
>
> So based on this you will have a data structure (I would recommend some
> kind of weak map) on
> your servlet. In it would be a map from sessionids to the actual
> session objects.
>
> Part 2: "Processing the request to invalidate a list of sessionid's
> (locally)."
> For the local instance, this would mean simply iterating over your map,
> attempting to
> get each of the ids and for those you find, I guess your intention is to
> call invalidate().
> (Some you will not find because they are either already gone through
> invalidation or
> expiration) Also for housekeeping as you
> finish with each key in your structure you should remove it (to avoid a
> memory leak).
> That's also the thinking behind our recommendation to use a weak map.
>
> hope this helps
>
> Jose Noheda wrote:
>
> > Hi,
> >
> > We need to retrieve and invalidate all user sessions where the user
> > happens to have a specific attribute. Is this possible? How can we get
> > a handle to other users' sessions?
> >
> > Regards,
> >
> > JoSE
> > ====
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>